3DS Userland Flaws: Difference between revisions
RPG Maker Fes/Player |
→System applets: smea's defcon presentation: mhax |
||
| Line 334: | Line 334: | ||
| May 20, 2018 | | May 20, 2018 | ||
| [[User:Nba_Yoh|MrNbaYoh]] | | [[User:Nba_Yoh|MrNbaYoh]] | ||
|- | |||
| MicroSD Management - malformed security blob causes stack buffer overflow (mhax) | |||
| The MicroSD Management application's parsing of Windows NTLM security blobs in the SMB/CIFS protocol doesn't verify that the client's specified NT domain name is less than 32 UTF-16 characters. When it's longer, a stack buffer overrun occurs, leading to a ROP chain and complete control of the mcopy application. | |||
The malformed security blob can be sent by an attacker within the SMB_COM_SESSION_SETUP_ANDX (0x73) packet. | |||
| [[11.8.0-41|11.8.0-41]] | |||
| [[11.8.0-41|11.8.0-41]] | |||
| [[9.0.0-20|9.0.0-20]] | |||
| August 12, 2018 | |||
| 2018 | |||
| smea | |||
|} | |} | ||